At the end of May, security researchers discovered a Microsoft Office zero-day vulnerability that has since been actively exploited in numerous attacks by cybercriminals and state actors via the Microsoft Diagnostic Tool (MSDT), a threat propagated simply by opening a Word document. Researchers dubbed the vulnerability “Follina” (CVE-2022-30190).
The threat leverages Microsoft Office programs and can bypass Microsoft Defender as it does not require elevated privileges to carry out an attack. Furthermore, the attack itself is carried out locally, yet the attacker can launch it remotely. Because the victim only has to open a single document, this vulnerability enables the attacker to gain access to and control over a target system.
Microsoft Patch Tuesday
After initially ignoring the vulnerability, Microsoft eventually heeded security experts’ warnings and added Follina to its roster for the latest Patch Tuesday (06/14) by including its fix in the cumulative Windows Update. Users are encouraged to update their systems as soon as possible. In an update, Microsoft stated:
“Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action […] Microsoft recommends installing the updates as soon as possible.”
While the fix is a positive development, we are left with the impression that the next threat is just around the corner. Booby-trapped Office files are a common tactic among threat actors, who have exploited Microsoft Office to deliver malware for a long time now. And while companies such as Microsoft do what they can to stay ahead of the curve, attackers too are always testing new approaches.
How to Check if Your Computer Is Vulnerable to Attack
Trend Micro’s Cleaner One Pro will scan your entire hard drive to clean and optimize its contents. This includes caches, logs, old apps, widgets, language packs, plug-ins, hidden trash, unused large files, Other storage, duplicate files, and more! Of special note is the new Vulnerability Scanner which will effectively scan your system — including Office — for threats. Available for both Mac and Windows.
Cleaner One Pro comes with several other house cleaning tools, including:
- Memory Optimizer
- Junk Cleaner
- File Scanner
- Duplicate Files Finder
- App Manager
- File Shredder
- Memory Disk map
These functions are all rolled into one easy-to-use interface for maximum efficiency and simplicity.